Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2024-0914

Medium priority
Needs evaluation

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even...

1 affected package

opencryptoki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opencryptoki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3798

Medium priority
Needs evaluation

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user...

1 affected package

opencryptoki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opencryptoki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2012-4455

Low priority
Ignored

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.

1 affected package

opencryptoki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opencryptoki Not affected Not affected
Show less packages

CVE-2012-4454

Low priority
Ignored

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

1 affected package

opencryptoki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opencryptoki Not affected Not affected
Show less packages